Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites

US 7,325,058 B1
Filed: 11/13/2000
Issued: 01/29/2008
Est. Priority Date: 11/13/2000
Status: Expired due to Term

First Claim

Patent Images

1. An access server capable of allowing subscribers of a communications system to gain exclusive access to a domain site associated with a virtual circuit, said access server comprising:

a memory device capable of storing a domain list table and a tunnel ID table, said domain list table including a plurality of virtual circuit identifiers and associated domain site identifiers, said tunnel ID table including a plurality of domain names and associated tunnel IDs;

an authorized domain list determiner capable of determining an authorized domain list based upon said domain list table and a domain site identifier with a Point-to-Point Protocol (PPP) authentication request, said PPP authentication request received on a virtual circuit having a virtual circuit identifier;

an assessor capable of determining whether said domain site identifier within said PPP authentication request is in said authorized domain list;

a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table and said domain site identifier; and

an authorizer capable of granting subscribers domain site access based upon said authorized domain list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling subscriber access in a network capable of establishing connections with a plurality of domains includes receiving a communication from a subscriber using a first communication network coupled to at least one other communication network, the communication optionally including a domain identifier associated with a domain on the at least one other communication network, determining whether the subscriber is authorized to access the domain based upon the domain identifier and a list of authorized domains for a virtual circuit used to receive the communication and authorizing subscriber access to the domain when the domain identifier is included in the list. An access server includes a tunnel ID request generator and an authorizer. The tunnel ID request generator generates a tunnel ID request that includes a virtual circuit identifier associated with a virtual circuit used to accept a PPP authentication request. The authorizer grants subscribers domain access based upon a list of authorized domains for the virtual circuit.

183 Citations

15 Claims

1. An access server capable of allowing subscribers of a communications system to gain exclusive access to a domain site associated with a virtual circuit, said access server comprising:
- a memory device capable of storing a domain list table and a tunnel ID table, said domain list table including a plurality of virtual circuit identifiers and associated domain site identifiers, said tunnel ID table including a plurality of domain names and associated tunnel IDs;
  
  an authorized domain list determiner capable of determining an authorized domain list based upon said domain list table and a domain site identifier with a Point-to-Point Protocol (PPP) authentication request, said PPP authentication request received on a virtual circuit having a virtual circuit identifier;
  
  an assessor capable of determining whether said domain site identifier within said PPP authentication request is in said authorized domain list;
  
  a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table and said domain site identifier; and
  
  an authorizer capable of granting subscribers domain site access based upon said authorized domain list.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The access server of claim 1, further comprising:
    - a receiving interface capable of accepting said PPP session authentication request; and
      
      a forwarding interface capable of forwarding said PPP session on a tunneling session associated with said tunnel ID.
  - 3. The access server of claim 2 wherein said tunneling session comprises Layer 2 Tunneling Protocol (L2PT) session.
  - 4. The access server of claim 3 wherein said virtual circuit identifier comprises a Virtual Path Identifier (VPI)/Virtual Channel Identifier (VCI).
  - 5. The access server of claim 1 wherein said first receiving interface comprises at least one access multiplexer, each access multiplexer having a plurality of inputs for receiving a service request, each of said inputs being associated with a particular subscriber virtual circuit.

6. A method for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites, comprising:
- receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
  
  determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
  
  issuing an authorized domain list request including a virtual circuit identifier;
  
  receiving an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
  
  indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
  
  indicating said domain site is authorized when said domain site identifier is in said authorized domain list;
  
  issuing a tunnel ID request including said domain site identifier when said domain site is authorized;
  
  receiving a tunnel ID; and
  
  assigning said tunnel ID; and
  
  authorizing subscriber access to said domain site when said domain site identifier is includedin said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6 whereinsaid authorized domain list request is serviced by an Authentication, Authorization and Accounting (AAA) server;
    - andsaid AAA server services said tunnel ID request.
  - 8. The method of claim 6 wherein said virtual circuit identifier comprises a VPI/VCI identifier.

9. A method for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites, comprising:
- receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
  
  determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
  
  performing a table lookup based on a virtual circuit identifier to obtain an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
  
  indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
  
  indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
  
  performing a table lookup based on said domain site identifier to obtain a tunnel ID when said domain site is authorized; and
  
  assigning said tunnel ID; and
  
  authorizing subscriber access to said domain site when said domain site identifier is includedin said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
- View Dependent Claims (10)
- - 10. The method of claim 9 wherein said virtual circuit identifier comprises a VPI/VCI identifier.

11. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to control subscriber access in a network capable of establishing connections with a plurality of domain sites, the method comprising:
- receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
  
  determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
  
  issuing an authorized domain list request including a virtual circuit identifier;
  
  receiving an authorized domain list that includes authorized domain site for said virtual circuit identifier;
  
  indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
  
  indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
  
  issuing a tunnel ID request including said domain site identifier when said domain site is authorized;
  
  receiving a tunnel ID; and
  
  assigning said tunnel ID; and
  
  authorizing subscriber access to said domain site when said domain site identifier is includedin said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11 wherein said authorized domain list request is serviced by an AAA server;
    - and said AAA server services said tunnel ID request.
  - 13. The program storage device of claim 11 wherein said virtual circuit identifier comprises a VPI/VCI identifier.

14. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to control subscriber access in a network capable of establishing connections with a plurality of domain sites, the method comprising:
- receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
  
  determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
  
  performing a table lookup based on a virtual circuit identifier to obtain an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
  
  indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
  
  indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
  
  performing a table lookup based on said domain site identifier to obtain a tunnel ID when said domain site is authorized; and
  
  assigning said tunnel ID; and
  
  authorizing subscriber access to said domain site when said domain site identifier is includedin said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
- View Dependent Claims (15)
- - 15. The program storage device of claim 14 wherein said virtual circuit identifier comprises a VPI/VCI identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sitaraman, Aravind, Yager, Charles T., Sheth, Purnam Anil, Burns, Gregory D.
Primary Examiner(s)
Nguyen; Quang N.

Application Number

US09/712,005
Time in Patent Office

2,633 Days
Field of Search

709/208, 709/224, 709/225, 709/223, 709/229, 709/227, 370/401, 370/420, 370/352
US Class Current

709/225
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

183 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links